From: Vlad Yasevich <[email protected]> commit 4bdab43323b459900578b200a4b8cf9713ac8fab upstream.
sctp_packet_config() is called when getting the packet ready for appending of chunks. The function should not touch the current state, since it's possible to ping-pong between two transports when sending, and that can result packet corruption followed by skb overlfow crash. Reported-by: Thomas Dreibholz <[email protected]> Signed-off-by: Vlad Yasevich <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Paul Gortmaker <[email protected]> --- net/sctp/output.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/net/sctp/output.c b/net/sctp/output.c index fad261d..5468d41 100644 --- a/net/sctp/output.c +++ b/net/sctp/output.c @@ -92,7 +92,6 @@ struct sctp_packet *sctp_packet_config(struct sctp_packet *packet, SCTP_DEBUG_PRINTK("%s: packet:%p vtag:0x%x\n", __func__, packet, vtag); - sctp_packet_reset(packet); packet->vtag = vtag; if (ecn_capable && sctp_packet_empty(packet)) { -- 1.7.3.3 _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
